Full Disclosure
mailing list archives
Re: lots of connections to 64.40.117.19 port 80
From: Michael Holstein <michael.holstein () csuohio edu>
Date: Fri, 18 Apr 2008 10:38:56 -0400
> Recently I have seen a lot of connections to 64.40.117.19 port 80 in
> one of our client's network.
could be a lot of things .. do you have tcpdump? .. a packet trace would
make your attempt at collective troubleshooting a *lot* easier .. but
DDOS is an easy "malicious" guess. Non-malicious ones could be something
like a blog/article on that box that just got featured on Digg/Slashdot/etc.
> Connections are coming from all over the Internet (various different
> IPs) specifically to this IP.
Yeah .. that's how the Internet works.
> What kind of problem could this be?
> Has anybody seen this kind of attack before?
Do you admin that box at 64.40.117.19? .. if it's a webserver, check the
logs .. what's being requested?
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
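
The log check suggested in the reply above, as an added example that is not part of the original post: a Python tally of what is being requested, by how many distinct clients, and with which referrers and user agents. It assumes the web server writes Apache/nginx "combined" format logs; the sample lines are constructed and use documentation address ranges.

```python
import re
from collections import Counter

# Apache/nginx "combined" log format (assumed; adjust the regex for other formats).
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Constructed sample lines, not real traffic.
SAMPLE = """\
192.0.2.10 - - [18/Apr/2008:10:00:01 -0400] "GET /article.html HTTP/1.1" 200 5120 "http://news.example/story/1" "Mozilla/5.0"
198.51.100.7 - - [18/Apr/2008:10:00:01 -0400] "GET /article.html HTTP/1.1" 200 5120 "http://news.example/story/1" "Opera/9.27"
203.0.113.5 - - [18/Apr/2008:10:00:02 -0400] "GET /style.css HTTP/1.1" 200 900 "http://www.example.org/article.html" "Mozilla/5.0"
203.0.113.9 - - [18/Apr/2008:10:00:02 -0400] "GET / HTTP/1.0" 200 300 "-" "-"
192.0.2.44 - - [18/Apr/2008:10:00:03 -0400] "GET / HTTP/1.0" 200 300 "-" "-"
not a log line
"""

def summarize(lines, top=3):
    """Tally requested paths, referrers, user agents and distinct client IPs."""
    paths, referers, agents, clients = Counter(), Counter(), Counter(), set()
    skipped = 0
    for line in lines:
        m = LINE.match(line)
        if not m:
            skipped += 1  # count unparseable lines instead of silently hiding them
            continue
        clients.add(m["ip"])
        paths[m["path"]] += 1
        referers[m["referer"]] += 1
        agents[m["agent"]] += 1
    return {
        "requests": sum(paths.values()),
        "distinct_clients": len(clients),
        "skipped": skipped,
        "top_paths": paths.most_common(top),
        "top_referers": referers.most_common(top),
        "top_agents": agents.most_common(top),
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE.splitlines()).items():
        print(f"{key}: {value}")
```

A single external referrer dominating across many clients is consistent with a link from a popular site; many clients requesting one path with empty referrer and user agent fields is the case where the packet trace the reply asks for is the next step.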